The SecurityWeek report details how Meta’s AI recovery assistant was tricked into reassigning high-profile Instagram accounts—including the Obama White House handle, Sephora, and the Chief Master Sergeant of the Space Force—via simple natural-language requests. Attackers supplied VPN-spoofed locations and AI-altered selfies to bypass verification, then reset passwords and evaded 2FA without owner notification. This is a textbook confused-deputy flaw: the AI held privileged API access yet performed no meaningful identity validation before executing account mutations. Beyond the immediate incident, the episode exposes Meta’s pattern of prioritizing conversational utility over authorization boundaries, echoing earlier WhatsApp View Once bypasses and the McDonald’s chatbot data exposure. Mainstream coverage treats this as an isolated bug; in reality it signals a broader industry failure where generative agents are granted write access to identity systems without cryptographic attestation or policy-enforcement layers. Comparable risks have surfaced in Pentagon AI battlefield pilots, where overly permissive agents could be socially engineered into leaking or altering access credentials. The absence of post-incident telemetry on affected accounts further underscores Meta’s opacity, leaving users and regulators without a full damage assessment. Until platforms enforce strict, auditable authorization for AI agents rather than relying on helpfulness heuristics, similar takeovers will proliferate across social infrastructure.